Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/54bb50-01be-4ec6-9418-eee7fae5c037/1/IdO38S4YIdRssHlxZUHLczi2V8w.roa
File:                     IdO38S4YIdRssHlxZUHLczi2V8w.roa (raw, json)
Hash identifier:          D6ETv9vHpvHRNzXh7orpMoqsZYhYmcHQztp4EEnJ9x0=
Subject key identifier:   21:D3:B7:F1:2E:18:21:D4:6C:B0:79:71:65:41:CB:73:38:B6:57:CC
Certificate issuer:       /CN=828672cd736b57e1e3dfc7dd736f3bd8a616ba81
Certificate serial:       07122FB4
Authority key identifier: 82:86:72:CD:73:6B:57:E1:E3:DF:C7:DD:73:6F:3B:D8:A6:16:BA:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/goZyzXNrV-Hj38fdc2872KYWuoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/54bb50-01be-4ec6-9418-eee7fae5c037/1/IdO38S4YIdRssHlxZUHLczi2V8w.roa
Signing time:             Sat 01 Jan 2022 05:53:04 +0000
ROA not before:           Sat 01 Jan 2022 05:53:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56561
IP address blocks:        5.39.206.0/24 maxlen: 24
                          5.39.204.0/22 maxlen: 22
                          5.39.204.0/23 maxlen: 23
                          5.39.204.0/24 maxlen: 24
                          5.39.206.0/23 maxlen: 23
                          5.39.205.0/24 maxlen: 24
                          5.39.207.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 118632372 (0x7122fb4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=828672cd736b57e1e3dfc7dd736f3bd8a616ba81
        Validity
            Not Before: Jan  1 05:53:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=21d3b7f12e1821d46cb079716541cb7338b657cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:7b:5e:8f:1d:6e:f7:d1:9d:73:44:00:da:37:
                    6b:f4:ea:82:f3:ee:85:92:fa:89:c9:c7:98:eb:79:
                    48:70:b5:00:d8:0a:e5:21:7f:b9:37:b4:48:81:aa:
                    87:ae:81:b5:77:0c:37:69:92:38:9e:9d:3e:84:91:
                    de:33:76:2b:cd:31:4f:dc:d6:0e:83:ef:c9:f1:1c:
                    97:8f:00:83:a3:00:bd:ab:5b:25:06:99:64:53:c5:
                    c7:7d:90:de:71:b0:33:cb:ed:48:fb:0c:ce:de:57:
                    62:02:e6:e3:cc:cc:90:4f:c3:99:7e:02:50:33:9e:
                    43:5b:2c:99:4f:0f:2c:4e:98:83:df:97:4c:2a:cc:
                    f6:e5:db:d3:a4:47:5a:42:9b:87:94:cc:e6:4c:2f:
                    73:b8:26:42:b0:be:7d:8f:ab:6e:e5:30:ca:f6:d2:
                    a4:38:d1:bc:76:0f:bc:e2:66:0c:86:e6:49:29:c5:
                    60:34:0f:0b:53:27:18:a2:32:20:bf:04:74:b0:8e:
                    bb:0a:e8:af:af:d6:6b:53:2c:00:b5:ee:08:52:a0:
                    9c:07:56:76:9c:e7:eb:17:e6:cf:90:89:35:e7:b1:
                    45:c8:9b:3c:49:a7:c4:77:f0:5b:58:31:4e:0a:e0:
                    f3:c6:ed:ec:09:2b:e9:e6:a4:c5:98:4c:c0:1a:15:
                    b1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D3:B7:F1:2E:18:21:D4:6C:B0:79:71:65:41:CB:73:38:B6:57:CC
            X509v3 Authority Key Identifier:
                keyid:82:86:72:CD:73:6B:57:E1:E3:DF:C7:DD:73:6F:3B:D8:A6:16:BA:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/goZyzXNrV-Hj38fdc2872KYWuoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/54bb50-01be-4ec6-9418-eee7fae5c037/1/IdO38S4YIdRssHlxZUHLczi2V8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/54bb50-01be-4ec6-9418-eee7fae5c037/1/goZyzXNrV-Hj38fdc2872KYWuoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:77:f7:d8:05:5f:a0:c7:be:85:23:5f:43:4a:3e:d6:f2:90:
         d7:2c:7c:40:8d:8c:fb:b2:68:a7:03:c5:7e:51:63:10:1f:94:
         d1:b1:b9:e0:d7:d6:35:67:51:bf:43:61:8a:19:c9:91:de:9a:
         07:fb:89:11:c5:eb:3c:5f:89:0f:15:90:7f:ed:5b:9d:42:0a:
         14:37:e2:8d:a5:5b:2d:4d:cc:0e:15:cc:d9:f6:5b:f3:fb:78:
         ca:3d:4f:a4:71:d6:c5:95:9c:8a:a0:2c:5a:c9:e4:9f:24:dc:
         9f:42:4a:08:74:21:f2:db:12:86:45:9d:c8:5e:e9:b0:27:d6:
         61:69:47:ce:bc:91:3e:7c:9a:70:fe:88:ea:b9:cc:0a:ee:9f:
         6c:e1:ab:6b:af:f0:a1:4c:2b:b5:15:67:86:e6:f5:6c:1f:07:
         5d:40:30:0d:3b:41:f4:ef:c9:14:65:0a:0b:5a:30:ed:6c:5b:
         30:8b:a3:f5:87:92:e9:80:40:9e:28:9b:e5:1d:df:7b:88:c3:
         05:bb:e9:bf:81:5f:5e:33:18:71:e3:69:bf:5c:14:ea:ca:05:
         b1:aa:94:5a:db:d2:24:0c:60:4c:45:94:06:13:3c:78:56:f9:
         91:93:0d:72:a4:24:ee:57:4e:c6:c9:aa:a5:b0:29:dc:c1:84:
         70:d9:23:b9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBxIvtDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
Mjg2NzJjZDczNmI1N2UxZTNkZmM3ZGQ3MzZmM2JkOGE2MTZiYTgxMB4XDTIyMDEw
MTA1NTMwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjFkM2I3ZjEyZTE4
MjFkNDZjYjA3OTcxNjU0MWNiNzMzOGI2NTdjYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANB7Xo8dbvfRnXNEANo3a/TqgvPuhZL6icnHmOt5SHC1ANgK
5SF/uTe0SIGqh66BtXcMN2mSOJ6dPoSR3jN2K80xT9zWDoPvyfEcl48Ag6MAvatb
JQaZZFPFx32Q3nGwM8vtSPsMzt5XYgLm48zMkE/DmX4CUDOeQ1ssmU8PLE6Yg9+X
TCrM9uXb06RHWkKbh5TM5kwvc7gmQrC+fY+rbuUwyvbSpDjRvHYPvOJmDIbmSSnF
YDQPC1MnGKIyIL8EdLCOuwror6/Wa1MsALXuCFKgnAdWdpzn6xfmz5CJNeexRcib
PEmnxHfwW1gxTgrg88bt7Akr6eakxZhMwBoVsRkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQh07fxLhgh1GyweXFlQctzOLZXzDAfBgNVHSMEGDAWgBSChnLNc2tX4ePf
x91zbzvYpha6gTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dvWnl6WE5yVi1IajM4ZmRjMjg3MktZV3VvRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvNTRiYjUwLTAxYmUtNGVjNi05NDE4LWVlZTdmYWU1YzAzNy8x
L0lkTzM4UzRZSWRSc3NIbHhaVUhMY3ppMlY4dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
NTRiYjUwLTAxYmUtNGVjNi05NDE4LWVlZTdmYWU1YzAzNy8xL2dvWnl6WE5yVi1I
ajM4ZmRjMjg3MktZV3VvRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgUnzDANBgkqhkiG9w0BAQsFAAOC
AQEAX3f32AVfoMe+hSNfQ0o+1vKQ1yx8QI2M+7JopwPFflFjEB+U0bG54NfWNWdR
v0NhihnJkd6aB/uJEcXrPF+JDxWQf+1bnUIKFDfijaVbLU3MDhXM2fZb8/t4yj1P
pHHWxZWciqAsWsnknyTcn0JKCHQh8tsShkWdyF7psCfWYWlHzryRPnyacP6I6rnM
Cu6fbOGra6/woUwrtRVnhub1bB8HXUAwDTtB9O/JFGUKC1ow7WxbMIuj9YeS6YBA
niib5R3fe4jDBbvpv4FfXjMYceNpv1wU6soFsaqUWtvSJAxgTEWUBhM8eFb5kZMN
cqQk7ldOxsmqpbAp3MGEcNkjuQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:22 2024 by rpki-client on console-ams.rpki-client.org